IBM Security Guardium

Hello Seniors, 

In our Environment. I have upgraded my appliances from v11.3 to v11.5 with Patch 535 , 538(GIM Certificate Upgrade). However, upon executing "show certificate gim server" it is still showing Signature algorithm as a SHA1WIthRSA. Due to this New GIM Agent are unable to connect to the GIM Server as getting SSL connect error. So ,the question is why patch 538 did not updated algorithm from SHA1 to  SHA256 ? Do, I need to Install 11.5p1042 patch as well ...? Kindly assist me on this. thank you!

------------------------------
Akash Parmar
------------------------------

Hi Akash,

I have also done the same upgrade and able to see both SHA with 128 and 256 entries. New Gim installations will not fail if you use 11.5.7 latest agent where they are supporting sha1 and sha2 both. I feel this sha1 and sha2 certificate issue is not fully sorted by ibm developers as well. May be addressed in future releases.

------------------------------
Regards,
Rizwan Ali
Senior Guardium Consultant
Pakistan
------------------------------

Original Message:
Sent: Thu May 16, 2024 06:03 AM
From: Akash Parmar
Subject: GIM Server Side Certificate still using SHA1 Signature algorithm

Hello Seniors, 

In our Environment. I have upgraded my appliances from v11.3 to v11.5 with Patch 535 , 538(GIM Certificate Upgrade). However, upon executing "show certificate gim server" it is still showing Signature algorithm as a SHA1WIthRSA. Due to this New GIM Agent are unable to connect to the GIM Server as getting SSL connect error. So ,the question is why patch 538 did not updated algorithm from SHA1 to  SHA256 ? Do, I need to Install 11.5p1042 patch as well ...? Kindly assist me on this. thank you!

------------------------------
Akash Parmar
------------------------------